Re: new PDF Launch malware exploit (with sample)

2010-05-03 Thread Bob Proulx
Rosenbaum, Larry M. wrote: d.hill wrote: Um... The OP did not send malware to the list. A link was supplied to the original message. You must have a scanner set up to follow links. That isn't a good idea, in my opinion. There was some code in the message, right after the Here's just the

RE: new PDF Launch malware exploit (with sample)

2010-04-29 Thread Rosenbaum, Larry M.
From: d.h...@yournetplus.com [mailto:d.h...@yournetplus.com] Sent: Wednesday, April 28, 2010 2:29 PM To: users@spamassassin.apache.org Subject: RE: new PDF Launch malware exploit (with sample) Quoting Rosenbaum, Larry M. rosenbau...@ornl.gov: Please don't send live malware samples

new PDF Launch malware exploit (with sample)

2010-04-28 Thread Chip M.
About a month ago, Didier Stevens found a nifty way to exploit PDFs, using their launch action. Original article: http://blog.didierstevens.com/2010/03/29/escape-from-pdf/ More info: http://www.sophos.com/blogs/sophoslabs/?p=9301 Yesterday morning, several of these showed up in

RE: new PDF Launch malware exploit (with sample)

2010-04-28 Thread Rosenbaum, Larry M.
Please don't send live malware samples to the list. -Original Message- From: Chip M. [mailto:sa_c...@iowahoneypot.com] Sent: Wednesday, April 28, 2010 2:01 PM To: users@spamassassin.apache.org Subject: new PDF Launch malware exploit (with sample) FILE QUARANTINED Microsoft

Re: new PDF Launch malware exploit (with sample)

2010-04-28 Thread Benny Pedersen
On ons 28 apr 2010 20:01:29 CEST, Chip M. wrote: About a month ago, Didier Stevens found a nifty way to exploit PDFs, using their launch action. When you get more, add them here http://www.clamav.net/ -- xpoint http://www.unicom.com/pw/reply-to-harmful.html

RE: new PDF Launch malware exploit (with sample)

2010-04-28 Thread d . hill
. -Original Message- From: Chip M. [mailto:sa_c...@iowahoneypot.com] Sent: Wednesday, April 28, 2010 2:01 PM To: users@spamassassin.apache.org Subject: new PDF Launch malware exploit (with sample) FILE QUARANTINED Microsoft Forefront Security for Exchange Server removed a file since it was found

Re: new PDF Launch malware exploit (with sample)

2010-04-28 Thread Yet Another Ninja
On 2010-04-28 20:01, Chip M. wrote: I haven't seen any since the first blast, so I suspect their signatures were widely distributed by most anti-virus orgs. I'm mainly publishing this for all of us who like to have backup rules, and are willing to be more general than the sometimes too tightly